Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: BlueWall on October 25, 2011, 02:54:26 AM



Title: AT&T sends botnet warning for 92.243.23.21
Post by: BlueWall on October 25, 2011, 02:54:26 AM

My ISP (AT&T) sends warnings from time to time about connections from my IP to a botnet. These seem to all be related to operating the Bitcoin client. This latest warning includes the target IP which is  92.243.23.21. I understand that the connection to that host is used to boot up the bitcoin client. Is it safe for me to block that IP in my firewall? And, has anyone else seen similar warnings from their ISP about this, or other IP used with the Bitcoin client?

Thanks!
BlueWall


Title: Re: AT&T sends botnet warning for 92.243.23.21
Post by: error on October 25, 2011, 02:55:46 AM
You can tell AT&T to piss off. You can also use the -noirc command line option for the client, but telling AT&T to piss off is more effective.


Title: Re: AT&T sends botnet warning for 92.243.23.21
Post by: Raoul Duke on October 25, 2011, 02:57:34 AM
I agree with the above poster.

Also tell them that it's not a botnet and the connection is intended and they better stop sending those letters as not to make a fool of themselves and lose some customers because of it...


Title: Re: AT&T sends botnet warning for 92.243.23.21
Post by: BlueWall on October 25, 2011, 03:07:49 AM
Thanks!


Title: Re: AT&T sends botnet warning for 92.243.23.21
Post by: sadpandatech on October 27, 2011, 03:19:25 PM
I agree with the above poster.

Also tell them that it's not a botnet and the connection is intended and they better stop sending those letters as not to make a fool of themselves and lose some customers because of it...

   Agree, but they don't care.  My production machine now includes the -noirc option since my last post about this same topic. However, any time I hook up a new client that I want to connect in that manner they send me the email. I have of course responded, kindly informing them of their ignorance and requesting them to stop spamming me. My replies have gone completely ignored to date.


Title: Re: AT&T sends botnet warning for 92.243.23.21
Post by: odysseus654 on October 27, 2011, 03:52:04 PM
With the reputation that IRC in general has gotten over the years, I wouldn't be surprised if any IRC-like communication is declared malicious...


Title: Re: AT&T sends botnet warning for 92.243.23.21
Post by: Raoul Duke on October 27, 2011, 07:37:11 PM
I agree with the above poster.

Also tell them that it's not a botnet and the connection is intended and they better stop sending those letters as not to make a fool of themselves and lose some customers because of it...

   Agree, but they don't care.  My production machine now includes the -noirc option since my last post about this same topic. However, any time I hook up a new client that I want to connect in that manner they send me the email. I have of course responded, kindly informing them of their ignorance and requesting them to stop spamming me. My replies have gone completely ignored to date.

Well, that's clearly a case where you just do to their letters the exact same thing they do to your emails, you ignore them ;)


Title: Re: AT&T sends botnet warning for 92.243.23.21
Post by: sadpandatech on October 27, 2011, 09:02:33 PM
I agree with the above poster.

Also tell them that it's not a botnet and the connection is intended and they better stop sending those letters as not to make a fool of themselves and lose some customers because of it...

   Agree, but they don't care.  My production machine now includes the -noirc option since my last post about this same topic. However, any time I hook up a new client that I want to connect in that manner they send me the email. I have of course responded, kindly informing them of their ignorance and requesting them to stop spamming me. My replies have gone completely ignored to date.

Well, that's clearly a case where you just do to their letters the exact same thing they do to your emails, you ignore them ;)

  Shortly after I typed that up I setup a copy/paste auto response to any emails from abuse@att.com informing them that spamming email on their own network is still spam and to kindly leave me the F*&k alone.

  OT; I love receiving phishing emails from people not smart enough to set character limits, etc for the http post form data. ;p I noticed one from 'Western Union' today in the spam folder of a sub acct and figured they could probably use a few gigs worth of bogus usernames and passwords to weed through. ;p


Title: Re: AT&T sends botnet warning for 92.243.23.21
Post by: Exonumia on October 29, 2011, 09:57:40 AM

You can also have the client skip the IRC bootstrapping by adding:

noirc=1

in your bitcoin.conf file.

You could also use the command line option: add -noirc after the bitcoin launch for example: "bitcoin.exe -noirc"







Title: Re: AT&T sends botnet warning for 92.243.23.21
Post by: Gabi on November 05, 2011, 05:44:45 PM
With the reputation that IRC in general has gotten over the years, I wouldn't be surprised if any IRC-like communication is declared malicious...
They can declare what the fuck they want, it won't change the fact it is legit and we will use it


Title: Re: AT&T sends botnet warning for 92.243.23.21
Post by: odysseus654 on November 06, 2011, 12:07:13 AM
With the reputation that IRC in general has gotten over the years, I wouldn't be surprised if any IRC-like communication is declared malicious...
They can declare what the fuck they want, it won't change the fact it is legit and we will use it

Not saying it isn't legit (and if the problems get too bad it can be disabled as mentioned above or we can use DHT or something) but I've seen a couple AUPs that explicitly mention IRC as something Not To Be Done.  Quick google search shows a thread from 2003 about a datacenter that banned it (http://forums.theplanet.com/index.php?showtopic=35885).

Get as mad as you want at this, a lot of people don't even know what TELNET is these days (recently went to a meeting where someone tried to explain the concept and how it differs from the web).

[Edit] Will "excessive twitter activity" be soon seen as suspicion of a botnet (http://ddos.arbornetworks.com/2009/08/twitter-based-botnet-command-channel/)?  What about putting the two concepts together and getting a Bitcoin Twitter botnet (http://www.f-secure.com/weblog/archives/00002207.html)?


Title: Re: AT&T sends botnet warning for 92.243.23.21
Post by: tlhonmey on January 19, 2012, 08:58:23 PM
A-lot of Time & Trouble usually lives up to its name.  Unfortunately their scanning for botnets is most likely completely automated, and I doubt that they are competent enough to have the ability to enter exceptions.  Don't get too mad at them though, they are, at least, _trying_ to protect you from having your accounts hacked.  Even if they are failing miserably.